Monitor server logs – Install on CentOS 7 / RHEL 7 is the real-time monitoring tool, powered by node.js and offers a simple web interface for monitoring the server logs. This guide will help you to monitor server log with on CentOS 7 / RHEL 7.

Configure EPEL repository:

We will use npm for installing, so lets install npm and node.js, are available in EPEL repository. Install EPEL rpm to setup repository on CentOS 7.

# rpm -Uvh


Install npm and node.js using yum command.

# yum install npm nodejs

npm is the package manager for jabascript which allows to manage dependencies for application, also it allows user to install node.js applications from npm registry. You must input a username for installation, for example here i used “root” user.

# npm install -g --user "root"

Configure’s Installed directory is ~/ which is a hidden directory in the home directory of the user, used in prevoius step for the installation, it has three configuration files which controls its working nature.


This the configuration file for harvester, it is nothing but a log forwarder which keeps on watching log files for changes, send new log to the server. We can configure nodename, what are all logs to watched and where to send a log.

Edit the harvester file, mention the node name. By-default, harvester is set to monitor only apache log, we will modify in such a way that it monitors messages log. Since the server host is defined as, harvester will broadcast logs to all listening server, it is recommended to set either (if the same machine act as server) or ip address of remote server server.

# vi  ~/ exports.config = {
nodeName: "ITzGEEK_server", # Node Name
logStreams: {
apache: [ "/var/log/httpd/access_log", # Monitoring Apache Logs "/var/log/httpd/error_log"
[ "/var/log/messages" # Monitoring Messages file
server: {
host: '', # Sends the file to remote server, Set to for local server
port: 28777


This is the configuration file of server, it tells the server on which ip address it should listen. By default, it listens on all ip interfaces for receiving the logs from client. Listening ip address can be changed by modifying host string.

# vi  ~/ exports.config = {
host: '', # Listens on all ip for receving logs
port: 28777


This the configuration file of web interface, this alters the functionality of the web portal. By-default, web portal is accessible on port no 28778 and on all interface. This file offers a way to increase the security by putting HTTP authentication,securing the web interface with SSL, disallowing logs from specific ip address and restricting the web interface access to the specific ip.

 # vi  ~/ exports.config = {
host: '', # Listens all ip adress to recive the web interface requests
port: 28778, /*
// Enable HTTP Basic Authentication
auth: {
user: "admin",
pass: "1234"
*/ /*
// Enable HTTPS/SSL
ssl: {
key: '/path/to/privatekey.pem',
cert: '/path/to/certificate.pem'
*/ /*
// Restrict access to websocket (
// Uses 'origins' syntax
restrictSocket: '*:*',
*/ /*
// Restrict access to http server (express)
restrictHTTP: [ "", "10.0.*"
*/ }

Allow web interface and in the firewall for receiving the logs from the harvester.

# firewall-cmd --add-port=28778/tcp --permanent
# firewall-cmd --add-port=28777/tcp --permanent
# firewall-cmd --reload

Monitor server logs:

Open up your web browser and visit http://your-ip-address:28778. You will get the following page with logs. Monitoring logs Monitoring logs

That’s All, happy monitoring!!!.

External Links: =

Node.js =


npm =

Posted by Linux Admin